The decline in cryptojacking and ransomware activities due to the decreasing cryptocurrency values and increasing adoption of cloud and mobile computing prompted cybercriminals to employ alternative methods such as formjacking to make money, according to Symantec’s Internet Security Threat Report (ISTR) Volume 24.
Symantec’s ISTR provides an overview of the threat landscape, including insights into global threat activity, cyber criminal trends and motivations for attackers. The report analyzes data from Symantec’s Global Intelligence Network which records events from 123 million attack sensors worldwide, blocks 143 million threats daily and monitors threat activities in more than 157 countries.
According to Sherif El-Nabawi, vice president, sales engineering and service provider sales, APAC and Japan at Symantec, all the time, attack groups are focused on how to get rich. They look for schemes where they can utilize the ability to deploy whether it’s a software, or social engineering tactic, and the ability to get money quickly in a short amount of time and then basically shift to another group of users.
Formjacking is very prominent in 2018. These are attacks that involve virtual ATM skimming where cybercriminals inject malicious code into retailers’ websites to steal shoppers’ payment card details. El-Nabawi claimed there was an average of over 4,800 websites that were compromised by formjacking code every month. Well-known retailers’ online payment websites including Ticketmaster and British Airways as well as small and medium-sized retailers were compromised with formjacking in recent months.
Millions of dollars went to cybercriminals last year through stolen information from credit cards and sales from Dark web. Just 10 credit cards stolen from each compromised website could result in up to $2.2-million in earnings each month for cyber criminals as a single card can fetch up to $45 on underground markets. With more than 380,000 credit cards stolen, the British Airways attack alone may have allowed criminals to earn more than $17-million.
On the other hand, El-Nabawi noted that Symantec managed to block 3.7-million formjacking attacks on endpoints throughout the year across all their customers, with nearly a third of all detections occurring during November and December, the busiest online shopping period of the year.
Last year saw a decline in activity and diminishing returns for cryptojacking and ransomware due to the decreasing cryptocurrency values and the growing adoption of cloud and mobile computing, rendering attacks less effective. Primarily spread through email with Office attachments, ransomware infections registered a drop of 20% in 2018, the first time it plummeted since 2013. Despite this, however, enterprises should not be easy-going as enterprise infections rose by 12% in 2018, demonstrating ransomware’s ongoing threat to organizations. Like ransomware, cryptojacking showed a drop of 52% in its activity between January and December last year as a result of the 90% decline in cryptocurrency values, which significantly reduced profitability. Cryptojacking however continues to appeal to attackers because of the low entry barrier, minimal overhead and the anonymity it offers. Symantec blocked 3.5-million cryptojacking activities on endpoints in December 2018 alone.